Spyware's threat is getting nastier. Infection rates are on the rise, in part thanks to the surging popularity of social-networking sites like MySpace.com.

That's the assessment of Webroot, a leading vendor of anti-spyware software, which released the latest quarterly update of its State of Spyware report. In order to keep its software up-to-date against the latest threats, the Colorado-based company constantly tracks the creation of new spyware—the programs that become embedded in computers and track users' Web-surfing habits and generate annoying pop-up ads (see BusinessWeek.com, 7/17/06, "The Plot to Hijack Your Computer").

"We're finding that the social-networking sites like MySpace are turning out to be hotbeds for spyware," CEO Dave Moll says. "People are creating multiple profiles, and the links on their sites will take you to sites that will either download or drive-by download adware and spyware."

High infection rate
It doesn't help that many younger users aren't sufficiently cautious about where and how they surf the Web, Moll says. "They're not looking out for danger in quite the way that more skeptical adults do," he says. "Kids on MySpace and sites like it act as though they are in a safe youth-only environment, and as a result their behavior is less cautious, and that is something that is being preyed upon by all kinds of Internet villains. And we think spyware creators will be the most aggressive in exploiting that."

To date, Webroot's researchers have identified some 527,000 malicious Web sites, an increase of 100,000 from a year earlier.

Overall, Molls says, 89 percent of consumer PCs are infected with some kind of spyware, a rate not seen in a year. And, on average, home computers contain 30 individual spyware programs.

A glimmer of good news : Businesses are cutting instances of spyware. Webroot audited 19,480 businesses in 71 countries, most in the U.S. Infected PCs in business environments had 19 pieces of spyware on average, versus 21 a year ago.

Spyware creators are also employing a wider arsenal of weapons. They're piggybacking on other, more malicious types of programs such as rootkits, a type of program that conceals itself, and keyloggers, which record a user's keystrokes on a PC.

Additionally, Spyware creators are exploiting the popularity of Internet video clips to convey their nasty cargo. A Trojan program called Zlob masquerades as a video-decoder program intended to be an update for Microsoft's Windows Media Player. Users may come across a video clip they'd like to see, and on clicking a link are given an error message and a link to install a new version of the player software. The user's browser is then redirected to a download site that gives them a program that includes the Zlob Trojan, which in turn downloads more spyware and other malicious software programs.

Webroot, which is privately held, has some 3 million business users and 6 million home users, Moll says.